In the IIS Admin for the site having the issue go to Sites,
The IIS integrated Windows authentication module implements two major authentication protocols: the NTLM and the Kerberos authentication protocol. It calls on three different Security Service Providers (SSPs): the Kerberos, NTLM, and Negotiate. These SSPs and authentication protocols are normally available and used on Windows networks. IIS web servers commonly use Kerberos (Negotiate) with fallback to NTLM for authenticating domain users to a website. A client that sends a GET request to a web server that is configured with Windows Authentication will receive a 401 Unauthorized response, specifying two authentication choices; Negotiate or NTLM. We know that NTLM authentication is being used here because the first character is a '"T." If it was a "Y," it would be Kerberos. The header is set to "Negotiate" instead of "NTLM." This does not mean it will use Kerberos or NTLM, but that it will "Negotiate" the authorization method and try Kerberos first if it is able. Sep 20, 2016 · Disable it and enable Windows Authentication (First of all IIS always tries to perform anonymous authentication). Open the list of providers, available for Windows authentication (Providers). By default, two providers are available: Negotiate and NTLM. Negotiate is a container that uses Kerberos as the first authentication method, and if the
The way that IIS logs NTLM and Kerberos authentication in the IIS log files is different, depending on what protocol is being used. If the IIS server and the HTTP client that makes the Web request both support the Kerberos protocol, and IIS is configured to use Kerberos, log entries that resemble the following appear in the IIS log for the client request and server response:If either the IIS
Apr 22, 2013 · Go to the Authentication properties of the site in IIS and double check the "Providers" and "Advanced Settings" of the Windows Authentication. On mine, Extended Settings is Off and Kernel-mode is enabled under Advanced Settings. Under Providers, Negotiate and NTLM are available in that order.
Internet Information Services (IIS) for Windows® Server is a flexible, secure and manageable Web server for hosting anything on the Web. From media streaming to web applications, IIS's scalable and open architecture is ready to handle the most demanding tasks.
Jul 01, 2020 · Now the following window should appear. Please add the providers as shown in the picture. The order has to be Negotiate over NTLM! Negotiate equals to use Kerberos authentication. After that close the window by pressing OK. For the next step please select your site on the left panel; After that double click the Configuration Editor Apr 16, 2018 · Start IIS Manager or open the IIS snap-in. Expand Server_name , where Server_name is the name of the server, and then expand Web Sites . In the console tree, right-click the Web site, virtual directory, or file for which you want to configure authentication, and then click Properties .